Developing the plan The importance of having an IT recovery plan has grown so much that the National Institute of Standards and Technology (NIST) published a special publication outlining a federal standard for these plans, NIST Special Publication 800-34. This standard highlighted seven key steps required in building a successful plan.
Planning Steps: Policy Directive
The first five steps are related to the actual development of the plan. The first step is to create the policy directive, which defines and sets the scope of the plan. This step is important because it helps guide the entire structure of the plan (Swanson, Bowen, Amy, Gallup, & Lynes, 2010). If the scope of the plan was limited to only the data centers, as an example, the plan …show more content…
While an initial test is virtually mandatory in order to identify anything that was missed, the plan should also be tested periodically to ensure the plan is still viable and does not need revision.
Testing: Types of Tests In regards to testing contingency plans, there are numerous methods to accomplish these tests, each with their own pros and cons. One of the simplest to accomplish is a table top exercise. This is the least invasive and least costly way to test a plan because its involvement is limited to key personnel sitting in a room going over events and how they would respond. This test does not require any equipment to be utilized. While this is a low cost method, it does not identify any issues that may appear in regards to equipment required by the plan (Swanson, 2010). The next test involves simulating a disaster and walking through the steps and actions that would be required. This is one step above a table top because it involves limited amounts of equipment but limits the interruption to actual business. This test provides more input on the actual viability of the plan and also allows the testing of equipment knowledge. The downside of this method is that it is still limited in scope and may miss certain items (Krocker,
Planning Steps: Policy Directive
The first five steps are related to the actual development of the plan. The first step is to create the policy directive, which defines and sets the scope of the plan. This step is important because it helps guide the entire structure of the plan (Swanson, Bowen, Amy, Gallup, & Lynes, 2010). If the scope of the plan was limited to only the data centers, as an example, the plan …show more content…
While an initial test is virtually mandatory in order to identify anything that was missed, the plan should also be tested periodically to ensure the plan is still viable and does not need revision.
Testing: Types of Tests In regards to testing contingency plans, there are numerous methods to accomplish these tests, each with their own pros and cons. One of the simplest to accomplish is a table top exercise. This is the least invasive and least costly way to test a plan because its involvement is limited to key personnel sitting in a room going over events and how they would respond. This test does not require any equipment to be utilized. While this is a low cost method, it does not identify any issues that may appear in regards to equipment required by the plan (Swanson, 2010). The next test involves simulating a disaster and walking through the steps and actions that would be required. This is one step above a table top because it involves limited amounts of equipment but limits the interruption to actual business. This test provides more input on the actual viability of the plan and also allows the testing of equipment knowledge. The downside of this method is that it is still limited in scope and may miss certain items (Krocker,